DEV Community

Cover image for Protecting sensitive data using Secret Manager in .Net Core
Arjun Shetty
Arjun Shetty

Posted on

Protecting sensitive data using Secret Manager in .Net Core

Accidentally pushing sensitive data stored in application config into source controls!!! Thankfully this happens to many not only you ๐Ÿ˜œ. It feels good when you have a company doing mistakes or anything else.

So here is how to make sure this does not happen again. There are multiple ways to protect, the one we will learn now is using Secret Manager tool in #dotnetcore.

All we have to do use dotnet user-secrets this command. Before using it remove the sensitive value of the property you are trying to hide.

In my case it is "TwilioAuthToken":"" in appsettings.json file.

Now in the terminal run this below command,

dotnet add package Microsoft.Extensions.SecretManager.Tools

We have the necessary tools required to run the commands on user-secrets.

Lets create a key value vault for our project in *.csproj file like this

<PropertyGroup>
  <UserSecretsId>LocalKeyVault</UserSecretsId>
</PropertyGroup>
Enter fullscreen mode Exit fullscreen mode

Once you have a vault create we can now add/remove key value using this command

dotnet user-secrets set TwilioAuthToken <secretcodegoeshere>

In-case you have settings grouped like this

"Telegram":{
    "TelegramBaseAddress":"https://api.telegram.org/bot",
    "TelegramAPIKey":""
  }
Enter fullscreen mode Exit fullscreen mode

Use the command this way

dotnet user-secrets set "Telegram:TelegramAPIKey" "<secretcodegoeshere>"

Done! Now accessing this using configuration["TwilioAuthToken"] gets me the config value from %AppData%\Microsoft\UserSecrets\LocalKeyVault\secrets.json Which I am sure is not gonna get checked-in mistakenly ๐Ÿ˜œ

-Originally Blogged on Bitsmonkey
-Photo by Micah Williams on Unsplash

Top comments (1)

Collapse
 
erikshafer profile image
Erik Shafer

Avoiding that accidental commit is huge! Appreciate you dropping this information.